  #1 (permalink)  
Old April 14, 2011, 08:07 AM
Hall Of Fame
F@H
 
Join Date: Nov 2008
Location: Ottawa, ON
Posts: 1,230

[Likely not virus?] MSE, Windows Defender, Firewall close immediately on startup

Hi all,

I'm having an issue with the Windows / MS security programs / Microsoft Security Essentials (MSE) on my temporary main rig (Athlon XP 5200+ OC / 4GB / Windows Vista Business x64 SP2). I'm typing this post from my laptop with the Kaspersky noted below...

Here are the symptoms:
  • If I start Windows Defender service through Admin. Tools, I get the message "The Windows Defender service on Local Computer started and then stopped."
  • Microsoft Security Essentials, Windows Firewall, and Windows Defender windows close within 1 second of me opening them
  • The closing of the above windows appears as if I pressed ALT+F4 on the window, with no warning or error. Note the Aero "fade out" animation plays when these windows close - again as if I ALT+F4'd the window
  • EDIT: The "Windows Firewall with Advanced Security" doesn't close and is functional. Maybe it's because you need a UAC prompt to access it?
  • When MSE gets closed as described above, its task bar icon disappears as well
  • I pulled all three HDDs from the system and scanned them with Kaspersky on my laptop. NO DETECTIONS
  • I swapped out MSE for McAfee AntiVirus Plus, and if I don't set my firewall settings to "stealth", I get the following "open" ports...
  • EDIT: McAfee didn't detect anything when run locally on the problem computer
Code:
Starting Nmap 5.00 ( http://nmap.org ) at 2011-04-14 09:46 EDT
Interesting ports on 172.XX.XX.XX:
Not shown: 993 filtered ports
PORT      STATE SERVICE
6646/tcp  open  unknown
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49157/tcp open  unknown
49160/tcp open  unknown
MAC Address: 00:XX:XX:XX:XX:XX (Asustek Computer)
Note if I tell the firewall to be "stealth mode", no ports are detected open by Nmap. I currently have my network set to "Public" profile on that computer.

This all started yesterday... I shut down my PC at noon that day, and all of this started when I came back at around 6:30 PM to start it up again. Note I noticed these symptoms BEFORE installing the slew of Patch Tuesday updates. All PCs in my house are set to auto-update, so it's not like I'm running ancient anti-viruses.

On the problem PC described, my most recent program installs are the following:
  • National Instruments LabVIEW 8.2 Runtime
  • CrystalDiskMark, from zip file
  • Civilization IV + expansions, Dragon Age Origins; both from Steam backups on my home server
  • -- home server is running OpenSUSE and has bittorrent (Openoffice and Linux distros), port forwarded, and SVN open to my LAN and my school by IP whitelist only
The problem PC has no servers running, but it does run Folding@Home + BOINC 24/7.

What I'd like to know is: do you think this is a glitch from some failed update or overclock, or is it some virus that's eluded MSE and Kaspersky? I'm not at risk of data loss and I have a DBAN disk + image backup ready to be applied in that order if you have reason to believe the PC is compromised.

Edit 2: The dialog boxes I mentioned above work normally when TrayIt! is not running... bug?
__________________
"The computer programmer says they should drive the car around the block and see if the tire fixes itself." [src]

Last edited by frontier204; April 14, 2011 at 11:46 AM. Reason: Update
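
Added example, not part of the original posts: one way to follow up on a scan like the one in the post above is to match each port Nmap reported open against the local `netstat -ano` listener table, so every open port is tied to an owning PID. The Nmap lines are taken from the post; the `netstat -ano` sample and its PIDs are constructed for illustration.

```python
import re

# Open-port lines copied from the Nmap output in the post above.
NMAP_OUTPUT = """\
6646/tcp  open  unknown
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49157/tcp open  unknown
49160/tcp open  unknown
"""

# CONSTRUCTED sample of `netstat -ano` output; the PIDs are invented for illustration.
NETSTAT_OUTPUT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:6646           0.0.0.0:0              LISTENING       2104
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       612
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING       980
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING       1044
  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING       700
  TCP    0.0.0.0:49157          0.0.0.0:0              LISTENING       688
  TCP    [::]:49152             [::]:0                 LISTENING       612
"""

DYNAMIC_RANGE = range(49152, 65536)  # IANA dynamic/private port range

def nmap_open_tcp_ports(text):
    return [int(m.group(1)) for m in re.finditer(r"^(\d+)/tcp\s+open\b", text, re.M)]

def netstat_listeners(text):  # listening TCP port -> set of owning PIDs
    owners = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            port = int(f[1].rsplit(":", 1)[1])  # rsplit also handles "[::]:49152"
            owners.setdefault(port, set()).add(int(f[4]))
    return owners

def correlate(nmap_text, netstat_text):
    owners = netstat_listeners(netstat_text)
    return [{"port": p, "dynamic": p in DYNAMIC_RANGE,
             "pids": sorted(owners.get(p, ()))}
            for p in nmap_open_tcp_ports(nmap_text)]

if __name__ == "__main__":
    for row in correlate(NMAP_OUTPUT, NETSTAT_OUTPUT):
        note = "" if row["pids"] else "  <- no local listener found, investigate"
        print(f'{row["port"]:>5}/tcp dynamic={row["dynamic"]!s:<5} pids={row["pids"]}{note}')
```

Each PID can then be resolved to a process and its hosted services with `tasklist /svc`; a port that Nmap sees open but that has no matching local listener is the row to look at first.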
  #2 (permalink)  
Old April 14, 2011, 09:32 AM
"Quote This..."
F@H
 
Join Date: Nov 2007
Location: Hell
Posts: 3,833

Try running Malwarebytes Anti-Malware. AV does not scan for malware and you may have some.

Edit: MSE disables Windows Defender. So that one is a non-issue.
  #3 (permalink)  
Old April 14, 2011, 09:49 AM
Hall Of Fame
F@H
 
Join Date: Nov 2008
Location: Ottawa, ON
Posts: 1,230


Thanks for the reply Squeetard.
I ran MBAM's quick scan and it found nothing, so I'm retrying with the full scan.

Upon further troubleshooting, I found that the culprit may be the "TrayIt!" app that I use to hide my GPU folding console window... The Windows Firewall window works properly when the app is not on. It's odd that I haven't had any troubles before.
  #4 (permalink)  
Old April 14, 2011, 11:45 AM
Hall Of Fame
F@H
 
Join Date: Nov 2008
Location: Ottawa, ON
Posts: 1,230


Well, I'm posting from the PC in question in this thread now... If some malicious software is evasive enough to avoid Kaspersky, MSE, and MBAM, then posting from that computer on these forums is the least of my worries.

Malwarebytes full scan picked up nothing as well, so either it's as I said some super rootkit attached to TrayIt! (unlikely) or some strange patch that now made MSE's and Windows Firewall's dialog boxes allergic to TrayIt! (much more likely).
  #5 (permalink)  
Old April 14, 2011, 12:28 PM
Top Prospect
 
Join Date: Dec 2009
Location: Calgary
Posts: 129


I had a similar problem recently and it was a virus that I couldn't clean. It was something that came from a bad torrent that MSE didn't catch. I ended up formatting the computer and reinstalling after a few days of trying to clean it off.
  #6 (permalink)  
Old April 14, 2011, 12:39 PM
Hall Of Fame
F@H
 
Join Date: Nov 2008
Location: Ottawa, ON
Posts: 1,230


Thanks for the note... The issue is I don't see any virus-like activity. My home server didn't detect any attacks against its firewall, the computer's still perfectly stable (and all apps work now that I closed TrayIt!), and nothing strange piggybacked onto a USB key I stuck into the computer (checked with a Linux box). There are also two other computers with the same OS and MSE, and they're not affected.

I just did a Newegg order and I did NOT use this computer, so I'll have to DBAN my disks to feel safe using it again. ...my SSD is not going to like this!... I probably won't return to this computer anyway because the aforementioned Newegg order was for a motherboard to complete my Sandy Bridge + Cougar Point B3 build.